Login

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Secunia Research reported two vulnerabilities in e107 :The first problem affects installations that have the Content Manager plugin enabled. This plugin does not sanitize the 'content_heading' parameter correctly and is therefore vulnerable to a cross site scripting attack.The second vulnerability is related to the avatar upload functionality. Images containing PHP code can be uploaded and executed.